Two of the biggest social media sites, X (formerly Twitter) and LinkedIn, are reportedly soon set to support passkeys, a way for users to log in to their accounts without using a password.
According to discoveries made by iOS developer Steve Mosher, the two services contain code that suggest they will soon be compatible with the new technology, whose standards are governed by the FIDO alliance as set out in the FIDO2 specifications.
The FIDO alliance has board-level members including Apple, Google, and Microsoft, who all support passkeys on their respective platforms. Aside from them, though, the number of other services that offer them is limited.
Another adopter
BestBuy, eBay, and PayPal are the only other prominent services to support passkeys, although it appears their uptake continues to broaden. For instance, it was recently found that a beta version of WhatsApp contained a settings menu related to them, meaning that future releases of the encrypted messaging app will likely be compatible with them.
As well as being more convenient – as nothing needs to be remembered – passkeys are also thought to be more secure as they are phishing resistant, since there are no credentials that can be extracted from users; the keys that are used are not known by anyone.
The private key is stored cryptographically on a user’s device. When combined with the public key of the service in question, access to the account is granted. All that is required to verify the login is whatever the user has in place to secure their device. Typically this will be a fingerprint, their face, or PIN.
While many are positive about the future adoption of the technology and the replacement of passwords, some have concerns over their implementation. For instance, some argue that big tech is unfairly monopolizing passkeys, and locking users into their own platforms, since they cannot be used across them.
Many of the best password manager options, however, are beginning to support the storage of passkeys too, which would allow for cross-platform usage. Another issue, though, is how widespread the technology will become, and how long it will take for passkeys to trickle down into every one of the services users have. Security veteran Roger Grimes, for example, believes that passwords may still be with us for another ten years or so.
